25 January 2012

The online strike against SOPA and PIPA: exit the law, will a new Internet ‘code’ help?

 
January 18th, 2012 was the largest online protest in history to stop the internet censorship bills, SOPA & PIPA. On January 20th, Congress shelved the bills indefinitely. If they return, we must be ready.

 

 

Everybody has heard about the largest online strike of last week, with the blackout of Wikipedia and Reddit for instance. This was clearly a tactical victory for the large Silicon Valley companies over Hollywood and the old media which had pushed hard for the adoption by the U.S. Congres of the two draft laws, SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act).

It is good that online citizens remain alert about the risks that States can generate for the online communities. It is good to fight for the freedom of expression and the freedom of meeting that Internet definitely facilitates. Internet is clearly an engine for democracy. No discussion. However, this does not mean that Internet should remain immune from any regulation. (For the libertarian spirit that pervades the Internet, any rule of law that touches on the online world is immediately seen as an attempt to kill freedoms; at the same time, this idealistic vision of the Internet wrongly minimises the role that private entities play in channeling information on the network).

To compare SOPA and PIPA with censorship in China, as some have done, is not intellectually honest. Activists would be wiser to refer to censorship with nuance, and should be more cautious when large corporations, such as Google and Facebook, are crying for censorship (History is full of examples where media empires have put forward the risk of censorship to cover-up their will to maximise commercial gain unfettered).

However, to propose domain name blocking as a solution to online piracy beyond the borders, as PIPA/SOPA did, is very probably not a good solution. It is clearly not a good signal: it might justify the use of this tool by repressive regimes whose goal is to restrict freedom of expression. That said, we should not behave as if it domain name blocking is completely ignored in the regulation of online communication under democratic regimes: the UK, Norway and many other countries have allowed some form of blocking of child pornography sites through ISPs (see the reminder by J. Gapper, Halt the Silicon Valley histrionics, FT, 19/1/2012). A High Court in the UK has even imposed to British Telecom and other ISPs the use of a blocking technology against a foreign site which committed repeat copyright infringement. Such a targeted blocking, as long as it remains proportional, is allowed by the courts in Europe (see the Scarlet decision of the European Court of Justice, C-70/10). The claim that, by allowing domain name blocking, SOPA and PIPA would break down the architecture of the Internet thus appears without ground. However, domain name blocking is not a good solution: if it is widely used, it could slow down domain-name resolution for the Internet. It could as well prompt the use of programs that would redirect domains (one of these programs, called “DeSOPA”, has apparently already been developed). More importantly, the concept of a universal addressing system, on which Internet is built, could be degraded (see P. Rosenzweig, Online Piracy and Internet Security: Congress Asks the Right Question but Offers the Wrong Answers, 17/01/2012).

Even more importantly, the short term solution of DNS blocking might postpone the need to revise the specifications of the Internet so as to reduce the risks of vulnerability and security breaches — and maybe of widespread piracy. As clearly shown by P. Rosenzweig (see above), “the current protocols of the Internet” — including the Internet Protocol or IP address which translates a domain name (ipdigit.eu) into a number string (“96.564.268.144”) — “do not have an “authentification” function”. In other terms, those accessing a website can never be sure that an intermediary (a governmental agency, an ISP, a pirate, …) has not hijacked the traffic. We all know cases involving spoofing which allows to redirect an Internet user to a phony website (be it a false bank, charity or IT department). The engineers responsible for defining the infrastructure of the Internet (within the Internet Engineering Task Force or IETF) know this vulnerability of the Internet addressing system and are trying to remedy it. Vint Cerf , known as the one of the fathers of the Internet, “acknowledges that he and co-founder Bob Kahn did not think enough about security when they build the framework for the web”. For Mr Cerf, there might have been “a faulty initial design – with net protocols that rely on trust and freely allow anonymity”. In an interview reported by the Financial Times (12/10/2012), Mr Cerf is quoted as saying: “I would have put a much stronger focus on authenticity or authentification — where did this email come from, what device am I talking to… those things are elements that would make a big difference”.

Today, Mr Cerf is working for Google and has signed the petition against SOPA and PIPA. Why? For a variety of reasons probably. One of the reasons might be that the wrong answers proposed in those bills, i. e. blocking domain names, might delay the adoption of a more recent set of technical specifications adopted by the IETF under the acronym DNSSEC for Domain Name System Security Extension. Those specifications would add security functionalities and allow a better authentification on the Internet. Such a new system might help to fight different types of online pirates which easily work under anonymity.

If this is the way forward to limit the illicit uses of the Internet, then the response to the copying machine that the Internet is would be in the (Internet) machine, not in the law. On the Internet, code (including technical specifications) is the law — but this should not prevent the legislators to adopt balanced rules to tame the Internet where it is really necessary, for example to fight the spread of hate speech online.

One Comment Leave a comment

Submit comment

Your email address will not be published. Required fields are marked *